Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

IP range based authentication

IP range based authentication

One way to secure a web-based application is to restrict access based on the IP address.

You can block access to a specific address or range of addresses that you suspect belong to malicious individuals. The instance allows you to control access by IP address.

Notes and Limitations:

  • The system won't let you lock yourself out, so if you try to add a rule such that your current address would be locked out, the system will warn you and refuse your insert.
  • If you're inside of a corporate intranet, be very careful about setting up your IP rules. The IP address you see on your own computer (like 10.10.10.25) generally bears no relationship to the IP address you'll actually appear as out on the internet. Your company will likely proxy and/or NAT your address into a predictable set of outbound addresses which you'll likely need to ask your network team about.
  • A user whose access is restricted based on an access rule will get a 403 error on their browser.
  • Restricted users don't use transactions, semaphores or count towards any server resource counts.
  • This feature doesn't supersede or override your existing access control rules if, for example, you're running a VPN to our data center. It's an additional check that must be met in addition to any access controls we may have set up on your PIX.
  • Allow rules always supersede deny rules. So if my address is both allowed (by one rule) and denied (by a second rule) it is, in fact, allowed.
  • Asterisks and CIDR blocks are not currently supported.
  • Regarding forwarded proxy addresses, the allow rules are applied to each address in the chain and then the deny rules are applied to each address in the chain if none of the allow rules matched.

This site is scheduled for a small content update on Tuesday, December 18th, between the hours of 4:00pm and 8:00pm Pacific Time (Dec 19 00:00 – Dec 19 4:00 UTC). Access to this site may be slightly delayed during that time.